# Maintainer: Timo Teras <timo.teras@iki.fi>
pkgname=openssl
pkgver=1.1.1g
_abiver=${pkgver%.*}
pkgrel=0
pkgdesc="Toolkit for Transport Layer Security (TLS)"
url="https://www.openssl.org/"
arch="all"
license="OpenSSL"
replaces="libressl"
makedepends_build="perl"
makedepends_host="linux-headers"
makedepends="$makedepends_host $makedepends_build"
subpackages="$pkgname-dbg $pkgname-libs-static $pkgname-dev $pkgname-doc
	libcrypto$_abiver:_libcrypto libssl$_abiver:_libssl"
source="https://www.openssl.org/source/openssl-$pkgver.tar.gz
	man-section.patch
	ppc64.patch
	"


# secfixes:
#   1.1.1g-r0:
#     - CVE-2020-1967
#   1.1.1d-r3:
#     - CVE-2019-1551
#   1.1.1d-r1:
#     - CVE-2019-1547
#     - CVE-2019-1549
#     - CVE-2019-1563
#   1.1.1b-r1:
#     - CVE-2019-1543
#   1.1.1a-r0:
#     - CVE-2018-0734
#     - CVE-2018-0735

build() {
	local _target _optflags

	# openssl will prepend crosscompile always core CC et al
	CC=${CC#${CROSS_COMPILE}}
	CXX=${CXX#${CROSS_COMPILE}}
	CPP=${CPP#${CROSS_COMPILE}}

	# determine target OS for openssl
	case "$CARCH" in
		aarch64*)	_target="linux-aarch64" ;;
		arm*)		_target="linux-armv4" ;;
		mips64*)	_target="linux64-mips64" ;;
		# explicit _optflags is needed to prevent automatic -mips3 addition
		mips*)		_target="linux-mips32"; _optflags="-mips32" ;;
		ppc64)		_target="linux-ppc64" ;;
		ppc64le)	_target="linux-ppc64le" ;;
		x86)		_target="linux-elf" ;;
		x86_64)		_target="linux-x86_64"; _optflags="enable-ec_nistp_64_gcc_128" ;;
		s390x) 		_target="linux64-s390x";;
		*)		msg "Unable to determine architecture from (CARCH=$CARCH)" ; return 1 ;;
	esac

	# Configure assumes --options are for it, so can't use
	# gcc's --sysroot fake this by overriding CC
	[ -n "$CBUILDROOT" ] && CC="$CC --sysroot=$CBUILDROOT"

	perl ./Configure $_target --prefix=/usr \
		--libdir=lib \
		--openssldir=/etc/ssl \
		shared no-zlib $_optflags \
		no-async no-comp no-idea no-mdc2 no-rc5 no-ec2m \
		no-sm2 no-sm4 no-ssl2 no-ssl3 no-seed \
		no-weak-ssl-ciphers \
		$CPPFLAGS $CFLAGS $LDFLAGS -Wa,--noexecstack
	make
}

check() {
	# AFALG tests have a sporadic test failure, just delete the broken
	# test for now.
	rm -f test/recipes/30-test_afalg.t

	make test
}

package() {
	make DESTDIR="$pkgdir" install
	# remove the script c_rehash
	rm "$pkgdir"/usr/bin/c_rehash
}

dev() {
	default_dev
	replaces="libressl-dev"
}

_libcrypto() {
	pkgdesc="Crypto library from openssl"
	replaces="libressl2.7-libcrypto"
	mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib
	mv "$pkgdir"/etc "$subpkgdir"/
	for i in "$pkgdir"/usr/lib/libcrypto*; do
		mv $i "$subpkgdir"/lib/
		ln -s ../../lib/${i##*/} "$subpkgdir"/usr/lib/${i##*/}
	done
	mv "$pkgdir"/usr/lib/engines-$_abiver "$subpkgdir"/usr/lib/
}

_libssl() {
	pkgdesc="SSL shared libraries"

	mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib
	for i in "$pkgdir"/usr/lib/libssl*; do
		mv $i "$subpkgdir"/lib/
		ln -s ../../lib/${i##*/} "$subpkgdir"/usr/lib/${i##*/}
	done
}

sha512sums="01e3d0b1bceeed8fb066f542ef5480862001556e0f612e017442330bbd7e5faee228b2de3513d7fc347446b7f217e27de1003dc9d7214d5833b97593f3ec25ab  openssl-1.1.1g.tar.gz
43c3255118db6f5f340dc865c0f25ccbcafe5bf7507585244ca59b4d27daf533d6c3171aa32a8685cbb6200104bec535894b633de13feaadff87ab86739a445a  man-section.patch
e040f23770d52b988578f7ff84d77563340f37c026db7643db8e4ef18e795e27d10cb42cb8656da4d9c57a28283a2828729d70f940edc950c3422a54fea55509  ppc64.patch"
